Critical Security Flaw Fixed in iTunes
3 Comments
Security firm Secunia on Tuesday urged Apple iTunes users to upgrade to version 4.8 of the software in order to avoid a recently discovered security flaw, which it has listed as "highly critical." The hole is created by causing a buffer overflow via a specifically crafted MPEG4 file. If the exploit is successful, a user's system could be compromised to run malicious code.
Apple was made aware of the vulnerability and has fixed the bug in its iTunes latest release. "iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files," Apple said in a security advisory listing enhancements found in the new version of the software.